Saturday, June 22, 2013

Cryptography
Cryptography: means to encrypt data transmission.

PKI: Public Key Cryptography is used to encrypt TCP/IP.
PKI uses encryption algorithms for data security.
When a message is encrypted using an 8-bit key: 256 combinations of key needed to decrypt data.
If it is 32 bit: 65536 combinations needed.
So key length is important.
Also Algo used is important.
Algorithms: SHA1, 3DES, etc.
Keys: symmetric and asymmetric.
Symmetric uses one key for encryption and decryption.
Asymmetric uses two different keys.
Cryptography functionality is designed with objective of data confidentiality, integrity and authentication.
The Internet uses SSL and TLS to encrypt and decrypt the data sent.
SSL and TLS = asymmetric.
Two things: data is encrypted, and website is authentic.
Web server has an SSL certificate, which enables traffic via HTTPS (TCP port 443).
SSL cert is signed by a certification authority (e.g. Verisign, Thawte).
SSL cert is tied to domain name.

Digital certificates using asymmetric PKI have two keys: public key and private key.
Private key is on Web server (website URL is secured by SSL)
Public key is on all browsers that support SSL.
Browsers support multiple CA vendors.
Public keys have expiration date and need to be updated.
Example:
Client hits website (SSL enabled).
Browser challenges Server by sending its own cipher strength.
Server does the same and responds by sending its SSL certificate.
Browser checks the validity and authenticity of certificate using public key.
Browser sends back a digitally signed response to server. In case server certificate cannot be verified for authenticity, browser alerts the user.
SSL introduces overhead. Addition of encryption layer to TCP/IP. Bigger TCP packets.
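The certificate checks in the example above (CA signs the server certificate with its private key; browser verifies with the CA public key, then checks expiry and domain name), as an added illustration that is not part of the original post. It uses textbook RSA with tiny primes and a made-up certificate for "example.com"; real CAs use keys of 2048 bits or more, which is exactly the key-length point made earlier.

```python
import hashlib
import time
from math import gcd

# Toy RSA keypair from two small primes, for illustration only (assumption:
# the reader treats this as a model, not as a real certificate format).
def make_keypair(p, q, e=65537):
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)            # private exponent (Python 3.8+)
    return (e, n), (d, n)          # (public key, private key)

def digest(cert):
    # The CA signature covers a hash of the certificate body, so any change
    # to domain, key or expiry will break signature verification.
    body = f"{cert['domain']}|{cert['pubkey']}|{cert['not_after']}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big")

def ca_sign(cert, ca_priv):
    d, n = ca_priv
    return pow(digest(cert) % n, d, n)   # sign = raise hash to CA private exponent

def browser_verify(cert, signature, ca_pub, hostname, now=None):
    """Mirror the browser's checks: authenticity, validity period, domain."""
    e, n = ca_pub
    now = time.time() if now is None else now
    if pow(signature, e, n) != digest(cert) % n:
        return "reject: signature does not verify with CA public key"
    if now > cert["not_after"]:
        return "reject: certificate expired"
    if cert["domain"] != hostname:
        return "reject: certificate issued for a different domain"
    return "ok"

# Constructed sample data: a CA, a web server key, and a cert tying them to a domain.
CA_PUB, CA_PRIV = make_keypair(1000003, 1000033)
SERVER_PUB, SERVER_PRIV = make_keypair(999983, 999979)
NOW = 1371859200                       # a fixed "current time" for the demo
SERVER_CERT = {"domain": "example.com", "pubkey": SERVER_PUB,
               "not_after": NOW + 365 * 86400}
SERVER_SIG = ca_sign(SERVER_CERT, CA_PRIV)   # the CA's signature on the cert

if __name__ == "__main__":
    print(browser_verify(SERVER_CERT, SERVER_SIG, CA_PUB, "example.com", NOW))
    tampered = dict(SERVER_CERT, domain="other.example")
    print(browser_verify(tampered, SERVER_SIG, CA_PUB, "other.example", NOW))
```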
